0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
SolarWinds Virtualization Manager - Privilege Escalation
Author
Risk
[
Security Risk High
]0day-ID
Category
Date add
CVE
Platform
Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Version(s): < 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th, 2016 Vulnerability Type: Security Misconfiguration CVE Reference: CVE-2016-3643 Risk Level: High CVSSv2 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C/CR:M/IR:M/AR:M/MAV:L/MAC:L/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H) Solution Status: Solution Available Discovered and Provided: Nate Kettlewell, Depth Security ( https://www.depthsecurity.com/ ) ----------------------------------------------------------------------------------------------- Advisory Details: Depth Security discovered a vulnerability in Solarwinds Virtualization Manager appliance. This attack requires a user to have an operating system shell on the vulnerable appliance. 1) Misconfiguration of sudo in Solarwinds Virtualization Manager: CVE-2016-3643 The vulnerability exists due to the miconfiguration of sudo in that it allows any local user to use sudo to execute commands as the superuser. A local attacker can obtain root privileges to the operating system regardless of privilege level. ----------------------------------------------------------------------------------------------- Solution: Solarwinds has released a hotfix to remediate this vulnerability on existing installations. This flaw as well as several others have been corrected and that release has been put into manufacturing for new appliances. ----------------------------------------------------------------------------------------------- Proof of Concept: The following is an example of the commands necessary for a low-privileged user to dump the contents of the "/etc/shadow" file by using sudo. sudo cat /etc/passwd ----------------------------------------------------------------------------------------------- References: [1] Solarwinds Virtualization Manager- http://www.solarwinds.com/virtualization-manager - Solarwinds Virtualization Manager provides monitoring and remediation for virtualized environments. # 0day.today [2024-09-28] #